

David Yu's answer is pretty much on-target, but there is a way to do this without editing the registry directly. Again though, this will only work if the setting is not configured by GPO.

First, I'd like to point out where the cached credential data is stored. This will help demonstrate (and, for troubleshooting purposes, verify) the effect of the configuration changes.

WARNING: I found this information in several places on the Internet, most of which recommended against modifying these values manually.

The registry key that stores cached domain logins is hidden even from Administrators. It is only accessible by the SYSTEM account. Therefore, to view it you will need a tool like psexec (available from Microsoft, but not installed by default) which will allow you to run regedit as SYSTEM. The command line to do this (assuming it is installed, and in your %PATH%) is:

Once you're in there, navigate to HKLM\SECURITY\Cache\. Here, you should see several BINARY values. There will be one named NL$Control, and others named NL$# for each slot that you have available for cached credentials. (Default 10)

Again, I want to emphasize here that you should not manually modify or delete this key or its values.

So, now that we know where the data is cached, and that we should not touch it there, how do we clear it?

Again, David Yu's answer will point you to the right registry key. But, if you'd rather not modify the registry directly, there is another way to do this via the Local Security Policy. In the Security Settings tree, navigate to Local Policies\Security Options. Here will be a policy called Interactive logon: Number of previous logons to cache (in case domain controller is not available). By default this is set to 10 logons.
